<?php
session_start();

if(!isset($_SESSION['loggedin'])) 
{ 
	exit;
}
if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') 
{
	require_once '../config.php';
	if(isset($_GET['id']) && isset($_GET['action']))
	{
		//check if admin
		$con = mysqli_connect(DB_SERVER,DB_USER,DB_PASS,DB_NAME);
		if (mysqli_connect_errno()) {
			echo "Failed to connect to MySQL: " . mysqli_connect_error();
		}
		else
		{	
			$id = mysqli_real_escape_string($con,$_GET['id']);
			$action = mysqli_real_escape_string($con,$_GET['action']);
			$setLabel = '';
			if($action == 'approve')
			{
				$status = 1;
				$setLabel = 'unapprove';
			}
			if($action == 'unapprove')
			{
				$status = 0;	
				$setLabel = 'approve';				
			}
			mysqli_query($con,"UPDATE contest SET approved = $status WHERE id = $id");
			mysqli_close($con);
			echo 'success' . '-'. $setLabel;			
		}
	}	
}
?>